I’ve recently setup a BIND9 DNS server to handle DNS resolution on my home network, running on Xubuntu.
I’m also using PfSense for my internet gateway / firewall, and the DHCP server is configured to assign the Xubuntu box as the only DNS server, instead of the ISP provided DNS.
90% of the time this setup works fine, but I’m getting fairly frequent lookup failures for internet addresses which definitely exist. The lookup always eventually succeeds after retrying; sometimes once, sometimes after multiple retries.
When the lookup fails, it always fails instantly, like the server hasn’t even attempted to resolve the host.
Here’s an example nslookup with a failure and subsequent success on retry:
> twitter.com
Server: UnKnown
Address: 192.168.0.4
*** UnKnown can't find twitter.com: Server failed
> twitter.com
Server: UnKnown
Address: 192.168.0.4
Non-authoritative answer:
Name: twitter.com
Addresses: 172.66.0.227
162.159.140.229
And here is my named.conf.options. I want the server to resolve hosts itself, so no forwarders are configured:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
listen-on port 53 { 127.0.0.1; 192.168.0.4; };
allow-query { 127.0.0.1; 192.168.0.0/24; };
allow-recursion { 127.0.0.1; 192.168.0.0/24; };
};
Thanks in advance to anyone who can help with this.
